ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-03-28 14:49:17 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

kernel: avoid flow offload for connections with xfrm on the dst entry (should fix IPSec)

Browse Source 
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2018-04-08 19:19:58 +02:00
parent df02e7a3c7
commit b560c1748a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
View File

@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
--- /dev/null --- /dev/null
+++ b/net/netfilter/xt_FLOWOFFLOAD.c +++ b/net/netfilter/xt_FLOWOFFLOAD.c
@@ -0,0 +1,365 @@ @@ -0,0 +1,368 @@
+/* +/*
+ * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name> + * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
+ * + *
@ -326,6 +326,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+ if (!this_dst || !other_dst) + if (!this_dst || !other_dst)
+ return -ENOENT; + return -ENOENT;
+ +
+ if (dst_xfrm(this_dst) || dst_xfrm(other_dst))
+ return -EINVAL;
+
+ route->tuple[dir].dst = this_dst; + route->tuple[dir].dst = this_dst;
+ route->tuple[dir].ifindex = xt_in(par)->ifindex; + route->tuple[dir].ifindex = xt_in(par)->ifindex;
+ route->tuple[!dir].dst = other_dst; + route->tuple[!dir].dst = other_dst;